| CPC H04L 63/1416 (2013.01) [H04L 63/20 (2013.01)] | 20 Claims |

1. A method comprising:
receiving, by one or more cloud services, structurally deduplicated data indicative of event data, wherein a format of the structurally deduplicated data is based on a structure of a data model used to store event data associated with network data;
determining an executable file for rule matching, wherein the executable file is based on a compiled ruleset;
identifying, using the executable file and based on a single rule matching a single instance of event data indicated by the structurally deduplicated data, one or more network events indicative of a cyberattack;
in response to identifying that the one or more network events are indicative of the cyberattack;
reconstructing, based on the structurally deduplicated data comprising deduplicated event data, an instance of a network event associated with the cyberattack;
determining, based on the instance of the network event, one or more remediation operations; and
generating an alert indicative of the cyberattack and the one or more remediation operations.